Password Control Configuration 579Configuring HistoryPassword RecordingWith this function enabled, when a login password expires, the system requires theuser to input a new password and save the old password automatically. You canconfigure the maximum number of history records allowed for each user. The purposeis to inhibit the users from using one single password or using an old password for along time to enhance the security.■ When the system adds a new record but the number of the recorded historypasswords has reached the configured maximum number, the system replaces theoldest record with the new one.■ When you configure the maximum number of history password records for a user,the excessive old records will be lost if the number of the history password recordsexceeds the configured number.■ When changing a password, do not use the recorded history password; otherwise,the system will prompt you to reset a password.The system administrator can perform the following operations to manually removehistory password records.Table 637 Configure history password recordingOperation Command DescriptionEnter system view system-view —Enable history passwordrecordingpassword-control history enable OptionalBy default, history passwordrecording is enabled.Configure the maximumnumber of the historypassword recordspassword-control historymax-record-numOptionalBy default, the maximumnumber is four.Display the informationabout the global passwordcontrol for all users.OptionalYou can execute the displaycommand in any view.Table 638 Manually remove history password recordsOperation Command DescriptionEnter system view system-view —Remove history passwordrecords of one or all usersreset password-controlhistory-record [ usernameusername ]Executing this command without theusername username option removesthe history password records of allusers.Executing this command with theusername username option removesthe history password records of thespecified user.Remove history records ofone or all super passwordsreset password-controlhistory-record super [ levellevel-value ]Executing this command without thelevel level-value option removes thehistory records of all superpasswords.Executing this command with thelevel level-value option removes thehistory records of the super passwordfor the users at the specified level.
